Cyber Common Technical Core (CCTC) Advance Sheet Windows Operating Systems
- Hector Wood
- 6 years ago
Windows Operating Systems

Section 1: Command Line Tools
Skill 1: Employ commands using command line interface
  1.1 Use command line commands to gain situational awareness of the current workstation
  1.2 Use System Internals tools to gain situational awareness of the current workstation
Skill 2: Employ commands using Windows Management Instrumentation Command-line
  2.1 Use WMIC commands to gain situational awareness of the current workstation
Skill 3: Employ commands using PowerShell
  3.1 Identify the purpose of using PowerShell in operations
  3.2 Demonstrate basic functionality of PowerShell
  3.3 Describe the main components of PowerShell
Skill 4: Develop scripts
  4.1 Discuss the purpose of creating a script
  4.2 Create a batch script that will perform basic enumeration of a workstation
  4.3 Create a PowerShell script that will perform basic enumeration of a workstation

Section 2: Processes
Skill 5: Define the Windows pre-boot process
Skill 6: Define the Windows boot process
Skill 7: Identify the Windows logon process
Skill 8: Identify Windows processes
  8.1 Explain how to find the current status of a Windows process
  8.2 Explain the process states and identify why they are important
  8.3 Explain process threads and handles
  8.4 Describe the thread states
  8.5 Discuss the differences between processes, threads and handles
  8.6 Describe system processes
Skill 9: Analyze the validity of Windows processes
  9.1 Identify the importance of the output of command line tools
  9.2 Determine the abnormal activities that are taking place on a system based on a process list
Skill 10: Identify different types of malware
  10.1 Distinguish between types of malware
  10.2 Discuss the purpose and methodology of bots and botnets
Skill 11: Identify aspects of virtualization
  11.1 Discuss the importance of virtual machines
Skill 12: Identify the importance of situational awareness
  12.1 Explain the situational awareness process
  12.2 List ways to gain situational awareness on a remote system
  12.3 Explain potential reasons for heightened situational awareness

Section 3: Registry
Skill 13: Explain the purpose of Windows Registry
  13.1 Explain the purpose and role of Windows Registry and its major functions
  13.2 Describe Registry hierarchy organization and primary components
Skill 14: Employ Windows Registry tools
  14.1 Identify parts of the Registry using GUI-based tools
  14.2 Use command line syntax to query, view, analyze, modify and create Registry values
  14.3 Explain when and how changes to the Registry are expected to take effect
Skill 15: Analyze Windows Registry for suspicious activity
  15.1 Identify Registry locations that contain forensically relevant information
  15.2 Identify Registry locations that can be utilized for persistence
  15.3 Perform basic analysis on a Windows system with a compromised Registry

Section 4: System Hardening, Auditing and Logs
Skill 16: Identify basic Windows firewall concepts
  16.1 Enable Windows firewall settings with the graphical user interface and command line tools
  16.2 Describe the different components of Windows firewall
Skill 17: Identify components of New Technology File System (NTFS)
  17.1 Describe basic file and folder permissions
  17.2 Modify permissions in Windows
  17.3 Apply permissions based on users and groups
Skill 18: Define Windows Resource Protection
  18.1 Describe Windows Resource Protection
  18.2 Identify files that are protected by Windows Resource Protection
  18.3 Discuss the security implications of Windows Resource Protection on a compromised system
Skill 19: Define user account control
  19.1 Identify the purpose of user account control
  19.2 Employ user interface privilege isolation
Skill 20: Analyze Windows system security posture
  20.1 Discuss information assurance and information security policies
Skill 21: Identify security products
  21.1 Identify host-based security products
  21.2 Identify network security products
  21.3 Discuss signature based detection
  21.4 Discuss heuristic based detection
Skill 22: Define Windows auditing
  22.1 Explain why audit policies are important
  22.2 Explain the functionality of the main logs
  22.3 Discuss audit policy settings
  22.4 Identify the events that get audited
Skill 23: Configure the audit policy for anomalous activity
  23.1 Use GUI tools to view policy settings
  23.2 Use command line tools to view policy settings
Skill 24: Analyze event logs for anomalous activity
  24.1 Identify the locations of logs on the Windows system
  24.2 Identify events that would be audited and why
  24.3 Employ command line tools to view event logs

Section 5: Windows Networking
Skill 25: Identify Windows networking features
  25.1 Describe Server Message Block (SMB)
  25.2 Explain the purpose of mailslots
  25.3 Describe NetBIOS
  25.4 Distinguish hostnames from NetBIOS names
  25.5 Explain Windows network naming schemes
  25.6 Define host name resolution
  25.7 Define remote procedure call (RPC)
  25.8 Describe Group Policy Objects
  25.9 Perform Group Policy Object queries through the command line
  25.10 Modify Group Policy Objects through the command line
Skill 26: Perform basic network analysis on a Windows machine
  26.1 Perform basic network analysis using built-in tools
  26.2 Describe sockets
  26.3 Identify services associated with listening ports
  26.4 Assess security implications of listening ports and established connections
Skill 27: Analyze security identifiers
  27.1 Identify the purpose of security system components
  27.2 Explain how access tokens are important for security
  27.3 Explain security identifiers and how they are generated
  27.4 Locate a SID in the Windows Registry and associate it with a user profile
  27.5 Identify built-in Windows user accounts
  27.6 Identify the differences between local and domain accounts
  27.7 Describe common user rights and the rights assigned to built-in groups
Skill 28: Identify Active Directory basics
  28.1 Identify the Active Directory Schema and Global Catalog
  28.2 Describe the features of Active Directory
  28.3 Explain the logical and physical structure of Active Directory
  28.4 Describe functions of the resources associated with Active Directory
  28.5 Employ command line tools to gain information about a system or network

Section 6: Windows Tactical Survey
Skill 29: Describe the phases of Incident Response
  29.1 Identify what occurs in the Preparation phase of Incident Response
  29.2 Identify what occurs in the Identification phase of Incident Response
  29.3 Identify what occurs in the Containment phase of Incident Response
  29.4 Identify what occurs in the Investigation phase of Incident Response
  29.5 Identify what occurs in the Eradication phase of Incident Response
  29.6 Identify what occurs in the Recovery phase of Incident Response
Skill 30: Describe order of volatility
  30.1 Discuss the factors involved when considering order of volatility
  30.2 Assess the order of volatility during an incident
Skill 31: Analyze the enumeration process
  31.1 Identify baseline knowledge on a machine
  31.2 Gather baseline knowledge on a machine
  31.3 Discuss the differences between malicious and normal activity
  31.4 Characterize system features through enumeration
  31.5 Identify scheduled tasks that may affect the purpose or activity on a machine
  31.6 Explain what should be assessed during enumeration of the environment
  31.7 Describe how to detect and enumerate malware
Skill 32: Discuss the documentation involved in a tactical survey
  32.1 Identify the importance of operations notes (Op Notes)
  32.2 Discuss the components of a report
Skill 33: Use enumeration information to analyze courses of action
  33.1 Discuss the primary factors for recommending a course of action based on enumeration
  33.2 Identify the common vulnerabilities that could change the course of a mission
  33.3 Discuss the development of courses of action

Linux Operating Systems

Section 1: Core Features
Skill 1: Identify common shells
  1.1 Describe common shells and their differences
  1.2 Define common shell modes, features and functions
Skill 2: Employ commands using common shells
  2.1 Demonstrate basic familiarity with the command line interface
  2.2 Describe environment initialization and implications
  2.3 Demonstrate appropriate use of pipes and redirection
  2.4 Explain the fundamentals of Boolean logic
  2.5 Identify methods of gaining more information about commands and switches
Skill 3: Analyze the Linux file system
  3.1 Describe file system hierarchy
  3.2 Describe file system ownership properties
  3.3 Discuss file system permissions
  3.4 Discuss file system timestamps
  3.5 Discuss file system attributes
  3.6 Employ commands to search the file system
  3.7 Describe regular expressions
  3.8 Create regular expressions to find data within the file system
  3.9 Identify the information that a regular expression will return

Section 2: Boot Processes
Skill 4: Describe the Linux boot process
  4.1 Identify components of the boot process
  4.2 Explain the post kernel boot process
  4.3 Describe boot process differences across Linux variants
  4.4 Describe partitions
Skill 5: Assess boot configuration files
  5.1 Identify components of the boot configuration file
  5.2 Identify system changes after modification of the boot configuration file

Section 3: Scripts & Processes
Skill 6: Identify Linux processes
  6.1 Identify common processes for Linux startup
  6.2 Identify common processes for a Linux machine
  6.3 Employ commands to enumerate processes
  6.4 Explain the functionality of daemons
  6.5 Discuss orphaned and defunct processes
  6.6 Identify the purpose of apt/aptitude
  6.7 Evaluate the validity of Linux processes
Skill 7: Develop shell scripts
  7.1 Demonstrate basic familiarity with shell scripting
  7.2 Explain variables and variable manipulation
  7.3 Employ commands for string manipulation
  7.4 Identify hashing and file hashes
  7.5 Create a bash script to perform basic enumeration on a Linux machine
Skill 8: Identify Linux networking features
  8.1 Describe the local name resolution process on a Linux host
  8.2 Describe the difference between regular and raw sockets
  8.3 Identify basic network services for Linux
  8.4 Employ commands to gather network information
  8.5 Enumerate active connections on a Linux machine
  8.6 Describe the advantages and disadvantages of Samba
  8.7 Explain the functionality of telnet
  8.8 Perform a file transfer using telnet
  8.9 Analyze network connections using Linux command line tools

Section 4: Auditing & Logging
Skill 9: Identify auditing activities
  9.1 Explain system logging
  9.2 Identify application logging
  9.3 Explain authentication and authorization logs
Skill 10: Identify actions that contribute to log files
  10.1 Describe the actions that contribute to entries in log files
  10.2 Analyze log files for anomalous activity

Section 5: Linux Exploitation
Skill 11: Discuss the reasons to establish permanent presence
  11.1 Define permanent presence
  11.2 Describe the clean-up process associated with your activity
  11.3 Identify indicators and symptoms of compromise
  11.4 Develop a methodology for the enumeration of a compromised system
Skill 12: Analyze different types of rootkits and backdoors
  12.1 Discuss and define the main types of backdoors
  12.2 Discuss and define the main types of rootkits
  12.3 Identify different backdoor persistence techniques
  12.4 Describe backdoor communication methods
  12.5 Describe methods to detect and mitigate rootkits
  12.6 Demonstrate how rootkits can be used to provide false information to a user
Skill 13: Explore Linux Exploitation tools
  13.1 Discuss shell code
  13.2 Identify remote shell code execution
  13.3 Define credentials
  13.4 Perform credential cracking
  13.5 Identify purposes for Metasploit
  13.6 Define rainbow tables
  13.7 Identify the purposes for custom malware
  13.8 Identify zero configuration networking

Networking

Section 1: Network Discovery
Skill 1: Identify core networking features
  1.1 Describe data link protocol
  1.2 Describe Layer 2 switching concepts
  1.3 Explain how virtual LANs work
  1.4 Describe how internetworking is performed
  1.5 Discuss LAN and internetwork traffic and how they interact
  1.6 Describe classless versus classful networking
  1.7 Explain the differences between IPv4 and IPv6
  1.8 Describe address scope
  1.9 Describe methods for assigning IP addresses
  1.10 Explain how a router works
  1.11 Explain the routing process
  1.12 Describe features of the Dynamic Host Configuration Protocol (DHCP)
  1.13 Describe the differences between DHCPv4 and DHCPv6
  1.14 Describe the address resolution protocol (ARP)
  1.15 Describe ICMP
  1.16 Describe transport protocols
  1.17 Describe UDP and when it should be used
  1.18 Describe TCP and when it should be used
  1.19 Explain why helper protocols are used
  1.20 Identify well-known ports
  1.21 Describe ephemeral ports
  1.22 Explain Domain Name Service (DNS)
  1.23 Explain IP routing tables
  1.24 Explain the difference between regular and raw sockets
Skill 2: Identify fundamentals of network discovery
  2.1 Describe active methods used for network discovery
  2.2 Explain the potential mitigation techniques for network discovery
  2.3 Explain the network discovery process from an offensive position
  2.4 Explain the network discovery process from a defensive position
  2.5 Discuss best practices for network analysis
  2.6 Identify the items of interest when performing internal reconnaissance
Skill 3: Perform network discovery
  3.1 Analyze a router configuration and create a network map

Section 2: Analyze Network Traffic
Skill 4: Identify the sections of common packet headers
  4.1 Identify the various packet headers
  4.2 Explain address auto-configuration
  4.3 Describe IPv4 packet structures
  4.4 Describe IPv6 packet structures
  4.5 Describe common ICMP message types
Skill 5: Identify packet sniffing tools
  5.1 Explain Berkeley Packet Filters (BPF)
  5.2 Use BPFs to view multiple protocol types
  5.3 Demonstrate packet decoding features
  5.4 Describe network sniffing
  5.5 Identify common network sniffing tools
  5.6 Explain why network sniffers are common for remote exploitation and detection
  5.7 Identify how sniffing and filtering relate to the DNS protocol
  5.8 Discuss passive approaches to network analysis
  5.9 Explain how host analysis can be used to gather network information
  5.10 Explain server identification
  5.11 Perform server identification
  5.12 Explain how server identification can be used to gather network information
  5.13 Explain how packet captures can be used to gather network information
  5.14 Describe the principles of p0f
  5.15 Discuss the purpose of p0f databases
  5.16 Describe the process of sniffing for an operating system
  5.17 Assess TTL/hop counts
Skill 6: Identify implications of network traffic captures
  6.1 Discuss security implications of major protocol traffic
  6.2 Explain why network monitoring tools are deployed
  6.3 Explain the impact of network monitoring tools in exploitation operations

Section 3: Filtering Devices
Skill 7: Define methodologies of filtering
  7.1 Explain the function of different network devices and their recommended position on a network
  7.2 Explain how network devices can be used to filter packets
  7.3 Describe Cisco standard and extended access control lists (ACL)
  7.4 Explain how ACLs are applied
  7.5 Describe the limitations of packet filters in terms of directionality
  7.6 Discuss firewall types
  7.7 Interpret a data flow diagram given a set of firewall rules
  7.8 Describe the purpose of iptables
  7.9 Explain how iptables is structured
  7.10 Describe iptables rules
  7.11 Explain the effect of iptables rules on traffic flows
  7.12 Contrast iptables chains and ACLs
  7.13 Construct iptables rules
  7.14 Explain network address translation (NAT)
  7.15 Explain the functionality of NAT within iptables
Skill 8: Identify filtering devices
Skill 9: Configure filtering devices

Section 4: Network Traffic Manipulation
Skill 10: Perform file transfers
  10.1 Describe common methods for transferring files
  10.2 Describe covert methods for transferring files
  10.3 Explain the forward file transfer process with netcat
  10.4 Explain the reverse file transfer process with netcat
  10.5 Demonstrate the process for transferring files via terminal
Skill 11: Perform network traffic redirection
  11.1 Explain how SSH tunneling
  11.2 Explain the process of IPv4 tunneling
  11.3 Explain the process of IPv6 tunneling
  11.4 Contrast redirection with tunneling
Skill 12: Define the principles of tunneling network traffic
  12.1 Explain establishment redirectors
  12.2 Explain deployable redirectors
  12.3 Contrast establishment and deployment redirectors
  12.4 Explain the challenges of discovering covert channels
  12.5 Use FPIP to perform redirection
  12.6 Describe protocol swapping
Skill 13: Identify fundamentals of secure shell protocol
  13.1 Discuss SSH tunnels
  13.2 Discuss SSH reverse tunnels
  13.3 Interpret tunnel diagrams
  13.4 Describe the process for using SSH to connect to a remote machine
  13.5 Explain the purpose of multi-hop tunneling
  13.6 Explain the process for multi-hop tunneling
  13.7 Describe the appropriate use of reverse tunnels
  13.8 Describe basic port forwarding
  13.9 Set up an initial SSH tunnel and add another tunnel using another tool

Section 5: Industrial Control Systems (ICS)
Skill 14: Define Industrial Control System (ICS) fundamentals
  14.1 Describe ICS hardware
  14.2 Describe ICS software
  14.3 Discuss industries where ICS is most utilized
  14.4 Describe industry processes
  14.5 Describe basic operations of ICS
  14.6 Identify ICS components
Skill 15: Identify ICS security incidents
  15.1 Identify types of attackers to an ICS
  15.2 Discuss ICS vulnerabilities
Skill 16: Identify ICS zones
  16.1 Explain how defensive measures are used in ICS zones
  16.2 Describe the role of zones in defense-in-depth
Skill 17: Identify ICS protocols

Section 6: Network Exploitation
Skill 18: Communicate cyberspace operations methodologies
  18.1 Describe the mindset of cyber actors
  18.2 Describe standard internal exploitation methodologies
  18.3 Describe standard external exploitation methodologies
  18.4 Discuss the importance of testing tools in a controlled environment
Skill 19: Define common frameworks for conducting cyberspace operations
  19.1 Describe exfiltration strategies
  19.2 Describe the benefits of acquiring critical systems
  19.3 Explain the benefits of acquiring domain credentials
Skill 20: Discuss methods to gain access
  20.1 Define shellcode
  20.2 Define the process for ensuring shellcode executes
  20.3 Discuss code injection
  20.4 Explain the process of code injection
  20.5 Explain methods of detecting code injection
  20.6 Describe the processes to escalate privileges
Skill 21: Describe network attacks
  21.1 Define network attacks
  21.2 Compare network attack strategies
  21.3 Discuss collateral effects of cyberspace attacks
More informationSyllabus: The syllabus is broadly structured as follows:
Syllabus: The syllabus is broadly structured as follows: SR. NO. TOPICS SUBTOPICS 1 Foundations of Network Security Principles of Network Security Network Security Terminologies Network Security and Data
More informationIncident Scale
SESSION ID: SOP-T07 Incident Response @ Scale Salah Altokhais Incident Response Consultant National Cyber Security Center (NCSC),KSA @salah.altokhais Khalid Alsuwaiyel Incident Response Specialist National
More informationCourse: Windows 7 Enterprise Desktop Support Technician Boot Camp (MCITPWIN7)
Course: Enterprise Desktop Support Technician Boot Camp (MCITPWIN7) Course Length: Duration 5 days Course Code: MCITPWIN7 Course Description Having reviewed course MS-50331 - Enterprise Support Technician
More informationSentinelOne Technical Brief
SentinelOne Technical Brief SentinelOne unifies prevention, detection and response in a fundamentally new approach to endpoint protection, driven by behavior-based threat detection and intelligent automation.
More informationA. The portal will function as an identity provider and issue an authentication assertion
Volume: 88 Questions Question: 1 A security analyst wishes to increase the security of an FTP server. Currently, all trails to the FTP server is unencrypted. Users connecting to the FTP server use a variety
More informationTestOut Network Pro - English 4.1.x COURSE OUTLINE. Modified
TestOut Network Pro - English 4.1.x COURSE OUTLINE Modified 2017-07-06 TestOut Network Pro Outline - English 4.1.x Videos: 141 (18:42:14) Demonstrations: 81 (10:38:59) Simulations: 92 Fact Sheets: 145
More informationThe SANS Institute Top 20 Critical Security Controls. Compliance Guide
The SANS Institute Top 20 Critical Security Controls Compliance Guide February 2014 The Need for a Risk-Based Approach A common factor across many recent security breaches is that the targeted enterprise
More informationRSA INCIDENT RESPONSE SERVICES
RSA INCIDENT RESPONSE SERVICES Enabling early detection and rapid response EXECUTIVE SUMMARY Technical forensic analysis services RSA Incident Response services are for organizations that need rapid access
More informationFRONT RUNNER DIPLOMA PROGRAM Version 8.0 INFORMATION SECURITY Detailed Course Curriculum Course Duration: 6 months
FRONT RUNNER DIPLOMA PROGRAM Version 8.0 INFORMATION SECURITY Detailed Course Curriculum Course Duration: 6 months MODULE: INTRODUCTION TO INFORMATION SECURITY INFORMATION SECURITY ESSENTIAL TERMINOLOGIES
More informationCompTIA CSA+ Cybersecurity Analyst
CompTIA CSA+ Cybersecurity Analyst Duration: 5 Days Course Code: Target Audience: The CompTIA Cybersecurity Analyst (CSA+) examination is designed for IT security analysts, vulnerability analysts, or threat
More informationSINGLE COURSE. NH9000 Certified Ethical Hacker 104 Total Hours. COURSE TITLE: Certified Ethical Hacker
NH9000 Certified Ethical Hacker 104 Total Hours COURSE TITLE: Certified Ethical Hacker COURSE OVERVIEW: This class will immerse the student into an interactive environment where they will be shown how
More informationCritical Analysis and last hour guide for RHCSA/RHCE Enterprise 7
Critical Analysis and last hour guide for RHCSA/RHCE Enterprise 7 Disclaimer: I haven t gone through RHCSA/RHCE EL 7. I am preparing for upgrade of my RHCE certificate from RHCE EL4 to RHCE EL7. I don
More informationCISSP CEH PKI SECURITY + CEHv9: Certified Ethical Hacker. Upcoming Dates. Course Description. Course Outline
CISSP CEH PKI SECURITY + CEHv9: Certified Ethical Hacker Learn to find security vulnerabilities before the bad guys do! The Certified Ethical Hacker (CEH) class immerses students in an interactive environment
More informationRSA INCIDENT RESPONSE SERVICES
RSA INCIDENT RESPONSE SERVICES Enabling early detection and rapid response EXECUTIVE SUMMARY Technical forensic analysis services RSA Incident Response services are for organizations that need rapid access
More informationImplementing Cisco Network Security (IINS) 3.0
Implementing Cisco Network Security (IINS) 3.0 COURSE OVERVIEW: Implementing Cisco Network Security (IINS) v3.0 is a 5-day instructor-led course focusing on security principles and technologies, using
More informationSeceon s Open Threat Management software
Seceon s Open Threat Management software Seceon s Open Threat Management software (OTM), is a cyber-security advanced threat management platform that visualizes, detects, and eliminates threats in real
More informationAUTHENTICATION. Do You Know Who You're Dealing With? How Authentication Affects Prevention, Detection, and Response
AUTHENTICATION Do You Know Who You're Dealing With? How Authentication Affects Prevention, Detection, and Response Who we are Eric Scales Mandiant Director IR, Red Team, Strategic Services Scott Koller
More informationSpecialized Programme on Internetworking Design and LAN WAN Administration
Specialized Programme on Internetworking Design and LAN WAN Administration OBJECTIVE OF THE PROGRAMME The main objective of the programme is to build capacity of the professionals drawn from industry,
More informationTestOut Network Pro - English 5.0.x COURSE OUTLINE. Modified
TestOut Network Pro - English 5.0.x COURSE OUTLINE Modified 2018-03-06 TestOut Network Pro Outline - English 5.0.x Videos: 130 (17:10:31) Demonstrations: 78 (8:46:15) Simulations: 88 Fact Sheets: 136 Exams:
More informationHikCentral V1.3 for Windows Hardening Guide
HikCentral V1.3 for Windows Hardening Guide Contents Introduction... 1 1. The Operating System - Microsoft Windows Security Configuration... 2 1.1Strict Password Policy... 2 1.2Turn Off Windows Remote
More informationProtecting Against Modern Attacks. Protection Against Modern Attack Vectors
Protecting Against Modern Attacks Protection Against Modern Attack Vectors CYBER SECURITY IS A CEO ISSUE. - M C K I N S E Y $4.0M 81% >300K 87% is the average cost of a data breach per incident. of breaches
More informationCUNY John Jay College of Criminal Justice MATH AND COMPUTER SCIENCE
Instructor: Prof Aftab Ahmad Office: NB 612 Telephone No. (212)393-6314 Email Address: aahmad@jjay.cuny.edu Office Hours: By appointment TEXT & REFERENCE MATERIAL Text Notes from instructor posted on Blackboard
More informationOSSIM Fast Guide
----------------- OSSIM Fast Guide ----------------- February 8, 2004 Julio Casal http://www.ossim.net WHAT IS OSSIM? In three phrases: - VERIFICATION may be OSSIM s most valuable contribution
More informationScanning. Course Learning Outcomes for Unit III. Reading Assignment. Unit Lesson UNIT III STUDY GUIDE
UNIT III STUDY GUIDE Course Learning Outcomes for Unit III Upon completion of this unit, students should be able to: 1. Recall the terms port scanning, network scanning, and vulnerability scanning. 2.
More information3+1+0 (3) IT 201 T. Principles of Information and Technology Systems. Prereq: CS 110T IT 222 T. Communications and Networks Fundamentals (4)
Principles of Information and Technology Systems IT 201 T Prereq: CS 110T This course aims to develop an understanding of the components of computing and their relationships, significant impacts of IT
More informationHands-On Ethical Hacking and Network Defense 3 rd Edition
Hands-On Ethical Hacking and Network Defense 3 rd Edition Chapter 13 Network Protection Systems Last modified 1-11-17 Objectives Explain how routers are used to protect networks Describe firewall technology
More informationCompTIA Security+ (Exam SY0-401)
CompTIA Security+ (Exam SY0-401) Course Overview This course will prepare students to pass the current CompTIA Security+ SY0-401 certification exam. After taking this course, students will understand the
More informationINCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Elevation of Privilege
Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security
More informationCompTIA Network+ Study Guide Table of Contents
CompTIA Network+ Study Guide Table of Contents Course Introduction Table of Contents Getting Started About This Course About CompTIA Certifications Module 1 / Local Area Networks Module 1 / Unit 1 Topologies
More informationECCouncil Exam v9 Certified Ethical Hacker Exam V9 Version: 7.0 [ Total Questions: 125 ]
s@lm@n ECCouncil Exam 312-50v9 Certified Ethical Hacker Exam V9 Version: 7.0 [ Total Questions: 125 ] Question No : 1 An Intrusion Detection System(IDS) has alerted the network administrator to a possibly
More informationHigh School Graduation Years 2016, 2017 and 2018
Secondary Task List 100 PERSONAL AND ENVIRONMENTAL SAFETY 101 List common causes of accidents and injuries in a computer facility. 102 Wear personal protective equipment. 103 List and identify safety hazard
More informationAURA ACADEMY Training With Expertised Faculty Call Us On For Free Demo
ETHICAL HACKING (CEH) CURRICULUM Introduction to Ethical Hacking What is Hacking? Who is a Hacker? Skills of a Hacker? Types of Hackers? What are the Ethics and Legality?? Who are at the risk of Hacking
More informationPremediation. The Art of Proactive Remediation. Matthew McWhirt, Senior Manager Manfred Erjak, Principal Consultant OCTOBER 1 4, 2018 WASHINGTON, D.C.
Premediation The Art of Proactive Remediation Matthew McWhirt, Senior Manager Manfred Erjak, Principal Consultant OCTOBER 1 4, 2018 WASHINGTON, D.C. Overview Case Study Remediation Overview Premediation
More informationQuestion No: 1 After running a packet analyzer on the network, a security analyst has noticed the following output:
Volume: 75 Questions Question No: 1 After running a packet analyzer on the network, a security analyst has noticed the following output: Which of the following is occurring? A. A ping sweep B. A port scan
More informationPort Mirroring in CounterACT. CounterACT Technical Note
Table of Contents About Port Mirroring and the Packet Engine... 3 Information Based on Specific Protocols... 4 ARP... 4 DHCP... 5 HTTP... 6 NetBIOS... 7 TCP/UDP... 7 Endpoint Lifecycle... 8 Active Endpoint
More informationCourse overview. CompTIA Security+ Certification (Exam SY0-501) Study Guide (G635eng v107)
Overview This course is intended for those wishing to qualify with CompTIA Security+. CompTIA's Security+ Certification is a foundation-level certificate designed for IT administrators with 2 years' experience
More informationSecuring CS-MARS C H A P T E R
C H A P T E R 4 Securing CS-MARS A Security Information Management (SIM) system can contain a tremendous amount of sensitive information. This is because it receives event logs from security systems throughout
More information1/18/13. Network+ Guide to Networks 5 th Edition. Objectives. Chapter 10 In-Depth TCP/IP Networking
Network+ Guide to Networks 5 th Edition Chapter 10 In-Depth TCP/IP Networking Objectives Understand methods of network design unique to TCP/IP networks, including subnetting, CIDR, and address translation
More informationANATOMY OF AN ATTACK!
ANATOMY OF AN ATTACK! Are Your Crown Jewels Safe? Dom Kapac, Security Evangelist WHAT DO WE MEAN BY CROWN JEWELS? Crown jewels for most organizations are critical infrastructure and data Data is a valuable
More informationCompTIA Cybersecurity Analyst+
CompTIA Cybersecurity Analyst+ Course CT-04 Five days Instructor-Led, Hands-on Introduction This five-day, instructor-led course is intended for those wishing to qualify with CompTIA CSA+ Cybersecurity
More informationTexSaw Penetration Te st in g
TexSaw Penetration Te st in g What is penetration testing? The process of breaking something or using something for an unintended used case for the purpose of bettering the system or application. This
More informationComptia.Certkey.SY0-401.v by.SANFORD.362q. Exam Code: SY Exam Name: CompTIA Security+ Certification Exam
Comptia.Certkey.SY0-401.v2014-09-23.by.SANFORD.362q Number: SY0-401 Passing Score: 800 Time Limit: 120 min File Version: 18.5 Exam Code: SY0-401 Exam Name: CompTIA Security+ Certification Exam Exam A QUESTION
More informationTestOut Server Pro 2016: Install and Storage English 4.0.x LESSON PLAN. Revised
TestOut Server Pro 2016: Install and Storage English 4.0.x LESSON PLAN Revised 2018-01-30 2 Table of Contents Introduction Section 1.1: Windows as a Server... 5 Section 1.2: Windows Server 2012 Interface
More informationMOC 6420A: Fundamentals of Windows Server 2008 Network and Applications Infrastructure
MOC 6420A: Fundamentals of Windows Server 2008 Network and Applications Infrastructure Course Number: 6420A Length: 5 Day(s) Certification Exam This course is associated with Exam 70-642 TS: Windows Server
More informationN exam.420q. Number: N Passing Score: 800 Time Limit: 120 min N CompTIA Network+ Certification
N10-006.exam.420q Number: N10-006 Passing Score: 800 Time Limit: 120 min N10-006 CompTIA Network+ Certification Sections 1. Network security 2. Troubleshooting 3. Industry standards, practices, and network
More informationTOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION
INFORMATION TECHNOLOGY SECURITY GUIDANCE TOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION ITSM.10.189 October 2017 INTRODUCTION The Top 10 Information Technology (IT) Security
More informationCSC 5930/9010 Offensive Security: Lateral Movement
CSC 5930/9010 Offensive Security: Lateral Movement Professor Henry Carter Spring 2019 Recap Symmetric vs. Asymmetric encryption techniques Authentication protocols require proving possession of a secret:
More information